Support Login.

5 × three =

Login  
 

ThreatOps for Threat Handling and Response

Home / ThreatOps for Threat Handling and Response

The ThreatOps solution is designed to accelerate incident response by automatically taking disparate attack information to correlate and display it within one dashboard where attacks can be scored and playbooks created. The playbooks can then be used to create repeatable processes, simplifying incident response. Through 3rd party integration with prevention systems (Firewall, NAC, End-point, SIEM), attacks will automatically be blocked and quarantined, expediting response actions and preventing the attack from continuing to spread through the network.  Additionally, the solution empowers customers to threat hunt for forensic artifacts in other parts of the network and confirm that they have eradicated the attack.

Investigation Automation: The ThreatOps Platform works hand-in-hand with the BOTsink engagement server for in-network threat detection, attack analysis, and acceleration of incident response. The ThreatOp Platform, through automation, ingests information from threats detected by the BOTsink engagement server, SIEMs, and other devices, correlating attack data, logs, end-point memory forensics, and use of deception credentials by tracking failed log-ins. Additionally, through the Attivo solution or through integrations with end-point vendors, like ForeScout and McAfee (ePO), threat hunting can be activated to find the root cause – of the infection. This approach provides a more complete picture of the attack and ultimately reduces false positives and investigation time, thereby simplifying overall incident response.

Adaptive Deception: The ThreatOps Platform uses advanced analytics to profile the attackers and dynamically deploy deception of indistinguishable quality and redirect attackers to decoys where specific activities can be tracked to the level of details needed by other security solutions in the network for detection and remediation. This severely impacts attackers by making them spin meaningless cycles in a deception maze.

Collaboration: The ThreatOps Platform is designed to provide a single source for the security team to review correlated attack information and to collaborate on incident response.  Collaboration allows teams to see real threats they might have missed on their own from a partial view of threat activity throughout the network.  Additionally, it creates a consolidated environment for InfoSec teams to post IR activities and comments so that data can be easily shared and not lost in transition or over time.

Scoring and Playbook Automation: Once the attack has been analyzed, the threat is scored and playbooks created based on the security policies of an organization. This helps customers prioritize threat response and creates playbooks for repeatable processes when the same attack is seen in the future. Automated playbooks not only reduce incident response time, but also the skill set required to respond to future attacks.

Automated Incident Response Handling: Based on the security organization’s policies and playbooks, through 3rd party integration, the correlated attack information can be automatically shared with prevention and detection systems to block and isolate an attack for quick handling and remediation.

Remediation: Providing the complete picture needed for swift and effective incident response, a trouble ticket is generated by ThreatOps.  It can then be integrated with applications such as ServiceNow or Jira to give the IT Help Desk information on exactly what is needed for immediate remediation of an infected system or unit.

Benefits of the ThreatOps Solution:

  • Incident scoring and playbooks for repeatable processes
  • Automatic quarantine and attack blocking with 3rd party integrations
  • Threat hunting through Attivo and NAC integration

Read White Paper:  Distributed Deception Platforms for Automating Incident Response

  • "The big takeaway from our research is that more investment is needed in both security operations staff and in security tools, which can help companies efficiently and accurately detect and respond to security incidents. The time to detect an advanced threat is far too long; attackers are getting in and staying long enough that the damage caused is often irreparable."

    Dr. Larry Ponemon, Chairman and Founder at the Ponemon Institute

  • "This is the age-old approach to zero-day malware exploits. Once you have something running on your systems, if you don't do something to prevent the attackers from escalating their rights, then that's the keys to the kingdom."

    Ken Ammon, Chief Strategy Officer at Security Firm Xceedium

  • “Anything that the facility is capable of in its natural operating system, you’re [an attacker] capable of doing—and doing damage with if you control the network,”

    Robert Lee, a security researcher and active-duty U.S. Air Force Cyber Warfare Operations Officer

  • 1 in 5 incidents at healthcare organizations are still being identified by external sources such as patients whose information was compromised or by a law enforcement agency.

  • A “one-size-fits-all” model doesn’t apply when protecting key information. Financial Institutions should hold business executives accountable for protecting the crown jewels in the same manner, as they are accountable for financial results.

  • All it takes is one breach and you would have paid for your entire (breach detection) product.

    Mike Spanbauer , Vice President of Research, NSS Labs.

  • It’s striking how many layers of obfuscation that the group adopts. These groups are innovating and becoming more creative.

    Jennifer Weedon, FireEye Strategic Analysis Manager

  • 17,000 malware alerts per week 40% of malware goes undetected

    Fred Donovan , Fierce IT security

  • In a recent survey Holding the Line Against Cyber Threats: Critical Infrastructure Readiness

    • (72%) said that the threat level of attacks was escalating
    • (89%) of the respondents experienced at least one attack on a system within their organization, which they deemed secure, over the past three years
    • Fifty-nine percent of respondents stated that at least one of these attacks resulted in physical damage.

  • Deception as an automated responsive mechanism represents a sea change in the capabilities of the future of IT security that product managers or security programs should not take lightly.

    Lawrence Pingree, Gartner Research Director

  • There's two kinds of CIOs: ones who have been hacked and know it, and those who have been hacked and don't yet realize it. But the reality is, you've been hacked,

    Tony Scott, Federal CIO

  • The total average cost of a data breach is now $3.8 million, up from$3.5 million a year ago, according to a study by data security research organization Ponemon Institute.

    Paid for by International Business Machines Corp.May 27, 2015